Cybersecurity has become more complex for healthcare organizations given the proliferation of data and endpoints stemming from remote work. Healthcare firms must also grapple with adversaries that have become more coordinated and sophisticated and address the many security challenges related to sharing information with third parties and fourth parties.
To address those challenges, Nashville-based Clearwater completed its purchase of fellow healthcare cyber vendor CynergisTek to provide hospitals and physicians with a broader range of security technology and services.
The company says it is joining forces with Austin, Texas-based CynergisTek to combine Clearwater’s endpoint, logging technology, risk analysis and schematic services with CynergisTek’s enterprise-focused ransomware readiness and controls-validation services, says Clearwater CEO Steve Cagle. Clearwater and CynergisTek agreed to the $17.7 million acquisition in May (see: Healthcare Cybersecurity: Why Resilience Is No Longer Enough).
“The reason that we did this is because we really feel that having that broader portfolio of services and technologies can greatly benefit our customers,” Cagle tells Information Security Media Group.
The combined company will employ more than 200 people and serve large hospitals and health systems as well as physician practice management groups and digital health companies, Cagle says. Mac McMillan, who has led CynergisTek since 2003, will retire, while COO Tim McMullen and CFO Paul Anthony will leave the company in the coming months, according to Cagle.
Getting More for Their Money
Cagle plans to explore efficient ways to package the joint Clearwater-CynergisTek offering so that hospitals and health systems can get more from their limited resources and funding. The merged company also wants to provide digital health firms with mature security and compliance capabilities beyond what they can develop on their own, Cagle says.
Both Clearwater and CynergisTek offer risk analysis and security assessments to their customers, but Cagle says Clearwater’s approach is enabled by its IRM Analysis software, which allows risk analysis to be conducted at the application and component level, he says. This makes it easier for customers to make risk treatment decisions and create plans to track and manage risk that’s above an acceptable threshold.
From a program management perspective, Cagle says Clearwater also offers schematic services to digital health and physician practice management clients since their security practices are less mature than those of large health systems. The firm offers managed detection and response, log management, endpoint detection, vulnerability management and firewall management services acquired from its TECH LOCK deal in July.
Additional M&A Ahead?
CynergisTek, meanwhile, focuses on ransomware readiness services and controls-validation monitoring for enterprise-class customers, and Cagle looks forward to extending those capabilities to Clearwater’s customer base. CynergisTek works with some large organizations in the public health and medical device spaces but primarily focuses on enterprise hospitals and health systems, according to Cagle.
The market for healthcare-focused cybersecurity and compliance services remains highly fragmented with many regional players, and Cagle remains open to pursuing deals that will further consolidate the space and provide more value to customers. Transactions that would allow Clearwater to move from partnering with a third party to directly providing security services are also appealing, he says.
From a metrics standpoint, Cagle says Clearwater most closely tracks customer satisfaction, employee retention, market-share performance and top-line and bottom-line growth. Having knowledgeable and engaged employees is vital given how heavily Clearwater focuses on cybersecurity services, he adds.
“This is an exciting opportunity for healthcare, bringing these companies together and really offering something which I think is unique in the marketplace,” Cagle says. “We very much appreciate getting feedback and learning a bit more about how we can be a better partner.”